strongswan.git
Martin Willi [Fri, 20 May 2011 08:09:09 +0000 (10:09 +0200)]
Use spaces in Makefile.am indentation, autotools don't like tabs

Martin Willi [Fri, 20 May 2011 08:08:57 +0000 (10:08 +0200)]
Add md5 to script plugins

Martin Willi [Thu, 19 May 2011 12:29:21 +0000 (14:29 +0200)]
Link libstrongswan directly to dumm/irdumm, fixes build with newer binutils

Martin Willi [Thu, 19 May 2011 12:24:26 +0000 (14:24 +0200)]
Fix some warnings triggered by gcc 4.6 -Wunused-but-set-variable

Tobias Brunner [Mon, 16 May 2011 16:47:52 +0000 (18:47 +0200)]
stroke: Usage output updated.

Tobias Brunner [Mon, 16 May 2011 16:28:03 +0000 (18:28 +0200)]
Update working thread count without allocation.

Tobias Brunner [Thu, 5 May 2011 16:06:09 +0000 (18:06 +0200)]
Make sure working thread count is correctly updated

Martin Willi [Fri, 6 May 2011 07:50:02 +0000 (09:50 +0200)]
Migrated controller_t to INIT/METHOD macros

Martin Willi [Fri, 6 May 2011 07:30:54 +0000 (09:30 +0200)]
Provide get_priority() method in controller jobs

Martin Willi [Thu, 5 May 2011 10:40:53 +0000 (12:40 +0200)]
Added a load tester strongswan.conf option to throttle initiation

Martin Willi [Thu, 5 May 2011 10:48:38 +0000 (12:48 +0200)]
Migrated load_tester_listern to INIT/METHOD macros

Martin Willi [Thu, 5 May 2011 10:34:24 +0000 (12:34 +0200)]
Added strongswan.conf option to override half open IKE_SA timeout

Martin Willi [Thu, 5 May 2011 08:51:11 +0000 (10:51 +0200)]
Use CRITICAL job priority class for long running dispatcher jobs

Martin Willi [Thu, 5 May 2011 08:33:26 +0000 (10:33 +0200)]
Introduce a highest priority job for critical thread services

Martin Willi [Thu, 5 May 2011 08:31:45 +0000 (10:31 +0200)]
Show total and half-open SA count in statusall

Martin Willi [Thu, 5 May 2011 08:01:21 +0000 (10:01 +0200)]
Added a get_count() method to IKE_SA manager

Martin Willi [Thu, 5 May 2011 07:54:35 +0000 (09:54 +0200)]
Fixed indentation in private_ike_sa_manager

Martin Willi [Wed, 4 May 2011 14:09:08 +0000 (16:09 +0200)]
Added a callback_job constructor supporting custom priorities

Martin Willi [Wed, 4 May 2011 14:03:14 +0000 (16:03 +0200)]
Added a DPD option for load-tester

Martin Willi [Wed, 4 May 2011 14:02:40 +0000 (16:02 +0200)]
Don't simulate traffic on load-tester kernel interface

Martin Willi [Wed, 4 May 2011 13:33:47 +0000 (15:33 +0200)]
Show how many threads are active in each class in statusall

Martin Willi [Wed, 4 May 2011 13:32:31 +0000 (15:32 +0200)]
Count number of threads active in each class, and reserve threads only if none active

Martin Willi [Wed, 4 May 2011 09:21:33 +0000 (11:21 +0200)]
Added a statusallnb stroke command to show status non-blocking

Martin Willi [Tue, 3 May 2011 16:18:58 +0000 (18:18 +0200)]
Added init_limit_half_open and a init_limit_job_load (replacing job_threshold) options, some refactorings

Martin Willi [Tue, 3 May 2011 14:43:30 +0000 (16:43 +0200)]
Added preshared_key/eap_password load_tester options to set custom credentials

Martin Willi [Tue, 3 May 2011 14:38:50 +0000 (16:38 +0200)]
Added initiator/responder_id load tester options to enforce different identities

Martin Willi [Tue, 3 May 2011 14:18:51 +0000 (16:18 +0200)]
Migrated load_tester_config to INIT/METHOD macros

Martin Willi [Tue, 3 May 2011 14:13:40 +0000 (16:13 +0200)]
Migrated load_tester_creds to INIT/METHOD macros

Martin Willi [Tue, 3 May 2011 11:15:37 +0000 (13:15 +0200)]
Fix load tester shared key enumerator, provide dedicated EAP password

Martin Willi [Mon, 2 May 2011 13:28:33 +0000 (15:28 +0200)]
Added a non-blocking, skipping variant of IKE_SA enumerator

Martin Willi [Mon, 2 May 2011 13:04:42 +0000 (15:04 +0200)]
Added a job_threshold option to drop IKE_SA_INITs if a certain job load reached

Martin Willi [Mon, 2 May 2011 11:56:49 +0000 (13:56 +0200)]
Use high priority for retransmit/dpd/keepalive jobs

Martin Willi [Mon, 2 May 2011 11:56:17 +0000 (13:56 +0200)]
Use job priorities in process_message job based on exchange types

Martin Willi [Mon, 2 May 2011 10:18:03 +0000 (12:18 +0200)]
Reserve threads for job priority classes based on strongswan.conf options

Martin Willi [Mon, 2 May 2011 09:53:25 +0000 (11:53 +0200)]
Added job priority enum names

Martin Willi [Mon, 2 May 2011 09:28:04 +0000 (11:28 +0200)]
Processor job scheduling respects job priority classes

Martin Willi [Mon, 2 May 2011 08:52:06 +0000 (10:52 +0200)]
Introduce priority classes for jobs

Martin Willi [Fri, 29 Apr 2011 13:13:15 +0000 (15:13 +0200)]
Added a stroke memusage command to show memory usage

Martin Willi [Fri, 29 Apr 2011 12:53:24 +0000 (14:53 +0200)]
Added a leak detective method to report current memory usage with backtraces

Martin Willi [Fri, 29 Apr 2011 12:52:32 +0000 (14:52 +0200)]
Make leak detective public

Martin Willi [Fri, 29 Apr 2011 12:00:45 +0000 (14:00 +0200)]
Migrated leak_detective to INIT/METHOD macros

Martin Willi [Fri, 29 Apr 2011 11:56:20 +0000 (13:56 +0200)]
Added a frame enumerator to backtrace_t

Martin Willi [Fri, 29 Apr 2011 11:49:24 +0000 (13:49 +0200)]
Added an equals function to backtrace_t

Martin Willi [Fri, 29 Apr 2011 11:45:22 +0000 (13:45 +0200)]
Migrated backtrace_t to METHOD macro

Tobias Brunner [Mon, 16 May 2011 12:15:08 +0000 (14:15 +0200)]
maemo: New upstream release.

Andreas Steffen [Sat, 14 May 2011 15:12:50 +0000 (17:12 +0200)]
version bump to final 4.5.2

Andreas Steffen [Sat, 14 May 2011 15:11:15 +0000 (17:11 +0200)]
whitelisting can already be enabled in strongswan.conf

Andreas Steffen [Sat, 14 May 2011 15:09:45 +0000 (17:09 +0200)]
fixed whitelist enabling

Andreas Steffen [Sat, 14 May 2011 14:36:05 +0000 (16:36 +0200)]
do not call recommendations if recs does not exist

Andreas Steffen [Sat, 14 May 2011 11:31:16 +0000 (13:31 +0200)]
Restrict IMCs and IMVs to call SendMessage()

Tobias Brunner [Fri, 13 May 2011 11:11:11 +0000 (13:11 +0200)]
Don't compile login() in openssl_rsa_private_key_t if ENGINE support is disabled in OpenSSL.

Tobias Brunner [Fri, 13 May 2011 11:09:38 +0000 (13:09 +0200)]
fetcher.c added to Android.mk.

Andreas Steffen [Thu, 12 May 2011 19:11:01 +0000 (21:11 +0200)]
added ikev2/rw-whitelist scenario

Martin Willi [Thu, 12 May 2011 07:07:14 +0000 (09:07 +0200)]
Disable whitelist plugin by default

Duncan Salerno [Thu, 12 May 2011 04:19:59 +0000 (06:19 +0200)]
Protect the communication with the SIM card during a transaction from access by a second application

Andreas Steffen [Wed, 11 May 2011 17:34:01 +0000 (19:34 +0200)]
protection against insane IMCs and IMVs

Martin Willi [Wed, 11 May 2011 10:12:02 +0000 (12:12 +0200)]
Do not use deprecated vte_terminal_fork_command()

Tobias Brunner [Tue, 10 May 2011 13:45:42 +0000 (15:45 +0200)]
Return correct status code in kernel_netlink_ipsec_t.query_sa.

Tobias Brunner [Tue, 10 May 2011 13:40:46 +0000 (15:40 +0200)]
chunk_clear not clear_chunk.

Thomas Egerer [Tue, 10 May 2011 13:39:00 +0000 (15:39 +0200)]
pluto: Securely wipe quick mode keys from memory.

Keying material is derived in two separate steps for local and remote
endpoint. This allows us to securely wipe local/remote secrets
separately, too -- a precondition to wipe quick mode keys from memory in
a secure fashion.

Thomas Egerer [Tue, 10 May 2011 13:19:46 +0000 (15:19 +0200)]
pluto: Securely wipe sensitive data from memory.

Andreas Steffen [Tue, 10 May 2011 05:03:37 +0000 (07:03 +0200)]
terminate imc/imv that couldn't be initialized properly

Andreas Steffen [Mon, 9 May 2011 05:55:59 +0000 (07:55 +0200)]
lock the set_message_types() method for imvs

Andreas Steffen [Mon, 9 May 2011 05:47:20 +0000 (07:47 +0200)]
cosmetics

Martin Willi [Mon, 9 May 2011 12:33:22 +0000 (14:33 +0200)]
Wipe memory after using key material (incomplete, to be continued)

Martin Willi [Mon, 9 May 2011 11:20:24 +0000 (13:20 +0200)]
Use memwipe() in chunk_clear()

Martin Willi [Mon, 9 May 2011 11:16:27 +0000 (13:16 +0200)]
Added a memwipe() function to safely overwrite sensitive memory

Andreas Steffen [Sun, 8 May 2011 22:49:59 +0000 (00:49 +0200)]
fixed debug output

Andreas Steffen [Sun, 8 May 2011 22:49:36 +0000 (00:49 +0200)]
adapted state_machine for retry batches

Andreas Steffen [Sun, 8 May 2011 15:56:05 +0000 (17:56 +0200)]
version bump to 4.5.2rc2

Andreas Steffen [Sat, 7 May 2011 15:51:43 +0000 (17:51 +0200)]
lock the set_message_types() method

Andreas Steffen [Sat, 7 May 2011 08:22:57 +0000 (10:22 +0200)]
added missing comma

Andreas Steffen [Fri, 6 May 2011 13:13:05 +0000 (15:13 +0200)]
refactored tnccs->remove_connection()

Andreas Steffen [Fri, 6 May 2011 04:22:19 +0000 (06:22 +0200)]
id of non-registered threads defaults to 0

Martin Willi [Thu, 5 May 2011 09:11:30 +0000 (11:11 +0200)]
Migrated scheduler_t to INIT/METHOD macros

Martin Willi [Mon, 2 May 2011 08:36:10 +0000 (10:36 +0200)]
Migrated callback_job to INIT/METHOD macros

Martin Willi [Mon, 2 May 2011 08:25:02 +0000 (10:25 +0200)]
Migrated processor to INIT/METHOD macros

Tobias Brunner [Thu, 5 May 2011 08:31:33 +0000 (10:31 +0200)]
Typo in NEWS fixed.

Tobias Brunner [Wed, 4 May 2011 16:23:00 +0000 (18:23 +0200)]
Note about certificates added to CA section in ipsec.conf man page.

Tobias Brunner [Wed, 4 May 2011 15:12:33 +0000 (17:12 +0200)]
testing: Properly align numbers of succeeded and failed tests in overview page.

Tobias Brunner [Wed, 4 May 2011 14:59:34 +0000 (16:59 +0200)]
testing: Add crumbtrail to overview page which lists all tests.

Tobias Brunner [Wed, 4 May 2011 14:21:59 +0000 (16:21 +0200)]
testing: Directly link to index.html of tests to allow browsing via file://.

Tobias Brunner [Wed, 4 May 2011 14:19:34 +0000 (16:19 +0200)]
testing: Avoid adding additional spacing around testresults.

Tobias Brunner [Wed, 4 May 2011 13:50:16 +0000 (15:50 +0200)]
testing: Replace back link in results with crumbtrail to improve navigation.

Martin Willi [Thu, 5 May 2011 07:38:48 +0000 (09:38 +0200)]
Added NEWS about duplicheck and coupling plugins

Martin Willi [Tue, 3 May 2011 09:32:40 +0000 (11:32 +0200)]
Fix algorithm type for signers, fixes warning with gcc 4.5

Tobias Brunner [Tue, 3 May 2011 08:50:28 +0000 (10:50 +0200)]
Cache group name in sys_logger_t to avoid problems with Vstr.

Because syslog(3) is not replaced when using the Vstr wrapper, %N can
not be resolved properly.

Tobias Brunner [Tue, 3 May 2011 08:21:58 +0000 (10:21 +0200)]
Migrated sys_logger_t to INIT/METHOD macros.

Tobias Brunner [Tue, 3 May 2011 08:21:03 +0000 (10:21 +0200)]
Migrated file_logger_t to INIT/METHOD macros.

Andreas Steffen [Mon, 2 May 2011 20:15:43 +0000 (22:15 +0200)]
version bump to 4.5.2rc1

Tobias Brunner [Mon, 2 May 2011 15:13:14 +0000 (17:13 +0200)]
Removed superfluous parameter missed in e5e5bcc92f.

Martin Willi [Mon, 2 May 2011 13:03:56 +0000 (15:03 +0200)]
Fix a potential memleak if two threads fingerprint a credential simultaneously

Martin Willi [Mon, 2 May 2011 07:25:28 +0000 (09:25 +0200)]
Accept name fields in EAP-MD5 messages

Andreas Steffen [Thu, 28 Apr 2011 11:30:40 +0000 (13:30 +0200)]
added missing tab

Andreas Steffen [Thu, 28 Apr 2011 11:27:44 +0000 (13:27 +0200)]
adapted debug output

Andreas Steffen [Thu, 28 Apr 2011 11:27:17 +0000 (13:27 +0200)]
do not send messages of type TNC_VENDORID_ANY or subtype TNC_SUBTYPE_ANY

Tobias Brunner [Thu, 28 Apr 2011 10:50:30 +0000 (12:50 +0200)]
Typo fixed.

Andreas Steffen [Thu, 28 Apr 2011 00:27:08 +0000 (02:27 +0200)]
log unsupported IMC_IMV message types

Andreas Steffen [Wed, 27 Apr 2011 23:34:03 +0000 (01:34 +0200)]
list registered TNCCS message types

Tobias Brunner [Wed, 27 Apr 2011 09:33:06 +0000 (11:33 +0200)]
IKEv2 was only partially the default for connections with auto=route and auto=start.

Connections with auto=route and auto=start that did not have
keyexchange=ikev2 explicitly specified did get added to charon,
but did not get routed or started by charon.